---
id: cookies
title: Configuring Cookies
---

By default, cookies sent by the Hydra Public endpoints are set without
explicitly specifying a SameSite mode. If you wish for these cookies to be set
with a mode you can use the `serve.cookies.same_site_mode` setting. Possible
values are `Strict`, `Lax` or `None`.

If you wish to embed requests to hydra on a third party site (for example an
iframe that periodically polls to check session status) you will need to set the
mode to `None`.

Some
[browser versions](https://www.chromium.org/updates/same-site/incompatible-clients)
reject cookies using the `Same-Site=None` attribute. Hydra implements a
[workaround](https://web.dev/samesite-cookie-recipes/#handling-incompatible-clients)
that can be enabled by setting `serve.cookies.same_site_legacy_workaround` to
`true`. This workaround is disabled by default, and only takes effect when
`serve.cookies.same_site_mode` is set to `None`.
